Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method affecting its processors, called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types of attacks, and has also deployed additional protections for L1TF. All EC2 host infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level.

Updated kernels for Amazon Linux AMI 2017.09 (ALAS-2018-1058), Amazon Linux AMI 2018.03 (ALAS-2018-1058), and Amazon Linux 2 (ALAS-2018-1058) are available in the respective repositories. As a general security best practice, we recommend that customers patch their operating systems or software as relevant patches become available to address emerging side-channel issues.
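To confirm after patching and rebooting that the running kernel carries the L1TF protections, the kernel's own status report can be read and classified. This is an added example, not part of the AWS bulletin: the sysfs path is the upstream Linux reporting interface, and the state labels and function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from the bulletin): classify the running kernel's L1TF report.
# Assumption: upstream Linux sysfs reporting interface, not named in the bulletin.
L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS
# Maps one status line to: not-affected | mitigated | partial | vulnerable | unknown
classify_l1tf() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)
            case "$1" in
                # Host-side gaps matter only if this system itself runs VMs
                *"SMT vulnerable"*|*"VMX: vulnerable"*) echo "partial" ;;
                *) echo "mitigated" ;;
            esac ;;
        "Vulnerable"*) echo "vulnerable" ;;
        *) echo "unknown" ;;
    esac
}

# l1tf_state [FILE]
# A missing file means the running kernel predates L1TF reporting,
# i.e. the updated kernel is not the one that booted.
l1tf_state() {
    file="${1:-$L1TF_SYSFS}"
    if [ ! -r "$file" ]; then
        echo "no-report"
        return 0
    fi
    classify_l1tf "$(cat "$file")"
}

state=$(l1tf_state)
echo "kernel $(uname -r): L1TF state = $state"
case "$state" in
    no-report|vulnerable) echo "action: install the updated kernel and reboot" ;;
    partial) echo "note: review SMT/VMX settings if this instance hosts its own VMs" ;;
esac
```

A state of `no-report` after installing the update usually means the instance has not yet been rebooted into the new kernel.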

Meanwhile, we suggest using the stronger security and isolation properties of EC2 instances rather than relying on operating system process boundaries or containers when workloads execute with different security privileges.